NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
AppVet Logo

8.  AppVet API


8.1 AUTHENTICATE

The AUTHENTICATE service accepts a username and password for authenticating a client with AppVet and returns an AppVet session ID. This session ID may then be used by the client for further interaction with AppVet until the session expires. The AUTHENTICATE HTTP Request API is shown in Table 8-1a.


Table 8-1a. AUTHENTICATE request.

Entity Name and/or Value Description
Method GET HTTP Request method.
Parameter command = AUTHENTICATE AppVet command.
Parameter username = <username> AppVet username.
Parameter password = <password> AppVet password.



The HTTP Response for an AUTHENTICATE HTTP Request is shown in Table 8-1b.


Table 8-1b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Payload <sessionid> AppVet session ID.



8.2 GET_STATUS

The GET_STATUS service retrieves the current status or risk assessment of an app. App status descriptions are described in App Status. The GET_STATUS HTTP Request API is shown in Table 8-2a.


Table 8-2a. GET_STATUS request.

Entity Name and/or Value Description
Method GET HTTP Request method.
Parameter command = GET_STATUS AppVet command.
Parameter sessionid = <sessionid> AppVet username.
Parameter appid = <appid> AppVet app ID.



The HTTP Response for an GET_STATUS HTTP Request is shown in Table 8-2b.


Table 8-2b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Payload <appstatus> AppVet app status or risk assessment.



8.3 GET_TOOL_REPORT

The GET_TOOL_REPORT service retrieves the tool report for the specified app. The GET_STATUS HTTP Request API is shown in Table 8-3a.


Table 8-3a. GET_STATUS request.

Entity Name and/or Value Description
Method GET HTTP Request method.
Parameter command = GET_TOOL_REPORT AppVet command.
Parameter sessionid = <sessionid> AppVet username.
Parameter appid = <appid> AppVet app ID.
Parameter toolid = <toolid> AppVet tool ID.



The HTTP Response for an GET_TOOL_REPORT HTTP Request is shown in Table 8-3b.


Table 8-3b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Payload <reportfile> Report file.



8.4 GET_APP_LOG

The GET_APP_LOG service retrieves the log for the specified app. The GET_APP_LOG HTTP Request API is shown in Table 8-4a.


Table 8-4a. GET_APP_LOG request.

Entity Name and/or Value Description
Method GET HTTP Request method.
Parameter command = GET_APP_LOG AppVet command.
Parameter sessionid = <sessionid> AppVet username.
Parameter appid = <appid> AppVet app ID.



The HTTP Response for an GET_APP_LOG HTTP Request is shown in Table 8-4b.


Table 8-4b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Payload <applogfile> App log file.



8.5 GET_APPVET_LOG

The GET_APPVET_LOG service retrieves the AppVet log. The GET_APPVET_LOG HTTP Request API is shown in Table 8-5a.


Table 8-5a. GET_APPVET_LOG request.

Entity Name and/or Value Description
Method GET HTTP Request method.
Parameter command = GET_APPVET_LOG AppVet command.
Parameter sessionid = <sessionid> AppVet username.



The HTTP Response for an GET_APPVET_LOG HTTP Request is shown in Table 8-5b.


Table 8-5b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Payload <appvetlogfile> AppVet log file.



8.6 DOWNLOAD_REPORTS

The DOWNLOAD_REPORTS service retrieves a zipped file containing all reports and logs for the specified app. The DOWNLOAD_REPORTS HTTP Request API is shown in Table 8-6a.


Table 8-6a. DOWNLOAD_REPORTS request.

Entity Name and/or Value Description
Method GET HTTP Request method.
Parameter command = DOWNLOAD_REPORTS AppVet command.
Parameter sessionid = <sessionid> AppVet username.
Parameter appid = <appid> AppVet app ID.



The HTTP Response for an DOWNLOAD_REPORTS HTTP Request is shown in Table 8-6b.


Table 8-6b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Payload <reportfile> AppVet reports file.



8.7 SUBMIT_APP

The SUBMIT_APP service submits an app to AppVet. The SUBMIT_APP HTTP Request API is shown in Table 8-7a.


Table 8-7a. SUBMIT_APP request.

Entity Name and/or Value Description
Method POST HTTP Request method.
Parameter command = SUBMIT_APP AppVet command.
Parameter sessionid = <sessionid> AppVet username.
Parameter file = <appfile> App file.



The HTTP Response for an SUBMIT_APP HTTP Request is shown in Table 8-7b.


Table 8-7b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.
Response Header <appid> App ID of the submitted app.



8.9 SUBMIT_REPORT

The SUBMIT_REPORT service submits (or overrides an existing) tool report for the specified app. This service is used by asynchronous and push services to submit reports as well as analysts for overriding existing tool reports. The SUBMIT_REPORT HTTP Request API is shown in Table 8-9a.


Table 8-9a. SUBMIT_REPORT request.

Entity Name and/or Value Description
Method POST HTTP Request method.
Parameter command = SUBMIT_REPORT AppVet command.
Parameter appid = <appid> AppVet app ID.
Parameter username = <username> AppVet username.
Parameter password = <password> AppVet password.
Parameter toolrisk = <toolrisk> The risk assessment PASS, WARNING, or FAIL. If the service could not process the app, then risk should have a value of ERROR.
Parameter file = <reportfile> Report file.



The HTTP Response for an SUBMIT_REPORT HTTP Request is shown in Table 8-9b.


Table 8-9b. HTTP response.

Entity Name and/or Value Description
Status Code <statuscode> HTTP status code.